sophie/nuke
1
0
Fork 0
Code Packages 1 Activity Actions

fix(jwt): update nonce value in challenge JWT cookie to be a string (#486)

Browse source 
Closes https://github.com/TecharoHQ/anubis/issues/468

Signed-off-by: Jason Cameron <git@jasoncameron.dev>
This commit is contained in:
Jason Cameron 2025-05-09 20:10:28 -04:00 committed by GitHub
parent a0805cad16
commit 2b103a9ec7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

3
lib/anubis.go
View file

@ -17,6 +17,7 @@ import (
"time"
"github.com/golang-jwt/jwt/v5"
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promauto"
@ -344,7 +345,7 @@ func (s *Server) PassChallenge(w http.ResponseWriter, r *http.Request) {
// generate JWT cookie
token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
"challenge": challenge,
"nonce": nonce,
"nonce": nonceStr,
"response": response,
"iat": time.Now().Unix(),
"nbf": time.Now().Add(-1 * time.Minute).Unix(),